Date: Thu, 16 Apr 1998 23:45:26 -0700 (PDT)
From: dima@best.net (Dima Ruban)
To: mph@pobox.com (Matthew Hunt)
Cc: robert+freebsd@cyrus.watson.org, dima@best.net, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions (part II)
Message-ID: <199804170645.XAA13015@burka.rdy.com>
In-Reply-To: <19980417015505.15073@mph124.rh.psu.edu> from Matthew Hunt at "Apr 17, 98 01:55:05 am"
Matthew Hunt writes:
> On Fri, Apr 17, 1998 at 01:45:29AM -0400, Robert Watson wrote:
>
> > Anyhow, if there is sufficient interest in the project, I'd like to try
> > and get it off the ground.  Presumably, some changes might work their way
> > back into the default distribution.  If we lose no significant
> > functionality, it cannot hurt to restrict privileges.  It may help us
> > when those unpredicted vulnerabilities do turn up.
>
> It sounds to me like a worthwhile project, even though I would be
> unlikely to use it myself.  I do question the idea of making it

It actually depends on what you are using FreeBSD for. Of course you don't
really need it if you use your machine as a desktop, or in a one/few-user
production environment. (No need to argue, it's just a basic point.)

> part of the ports system, because the idea of ports modifying the
> base system seems like a considerable departure from the rest of
> the ports collection.

About having this in ports - I don't think so, and I doubt Satoshi will
disagree with me.

> I can't be persuaded that a world-readable kernel can ever present
> a problem (the real problem would have to be in some other software)

Absolutely. That's why I've called it a "potential problem".

> and Dima is unlikely to be persuaded to my point of view.  I see
> a pattern in my future: "make install", forget to change the perms
> to 444, reboot, kick myself (since I run with securelevel=1), swear
> to remember next time, and repeat the cycle. :-)

:-) I don't see a good way of adjusting this. That's why I was pointing out
that this change won't break anything.

Speaking of improving security: how about a change like this (I haven't
implemented it yet, but it wouldn't be a big deal)?

Right now we have a mount flag "nosuid". It serves its mission, but I'd love
to have some flexibility on this. Example is an ISP environment (again :-).
You want to allow users to have programs suid to themselves, but at the same
time you feel bad about having suid programs for uids less than something
(let's say 100). How about implementing this? Via mount options or something
else? Let's say one wants to allow users to have suid programs if the uid on
the suid program is greater than N and less than M.

How does it sound?

>
> --
> Matthew Hunt <mph@pobox.com> * Stay close to the Vorlon.
> http://mph124.rh.psu.edu/~mph/pgp.key for PGP public key 0x67203349.
>

-- dima